PDF Archives -

PDF

PDF Trojan Appears on Mac OS X

  A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.   When the user opens the “PDF” file, it attempts to mask the installation

PDFs Exploitable?!? I’m shocked…

September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these

Russian Metro Bombings: Here come the Ghouls

[Interim updates removed: later information on Twitter profile attacks and Blackhat SEO attacks using keywords related to this topic to spread malware, has been made public in a later blog at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls.] Following this morning's bombings in the Moscow Metro (subway system), Aryeh Goretsky suggests the likelihood of criminals using "blackhat SEO" (search engine optimization

World-Cup Malware: the Kick-Off

Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in

Adobe, Javascript, and the CVE-2009-4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today’s article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

Ditch Adobe?

Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible.  Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit

The Perils of PDF

Security issues with PDFs are nothing new, as a skim through past Adobe security bulletins and advisories indicates. (This isn’t a criticisim of Adobe: it’s inevitable that security issues will surface from time to time in sophisticated, function-rich software, and Adobe are clearly aware of the need to address the problems as they arise.) In